Earlier this month I attended the Digital Medical Expertise & Applications (DMEA) 2019. The DMEA fair in Berlin (formerly conhIT) is the central platform for digital health care as it brings together companies of health IT, academic institutions, politics and healthcare delivery organizations in several format such as innovation hubs and talks during congress sessions as a part of the industry fair. I participated in a congress session about IT security in healthcare with a talk about medical device security and common security flaws in medical devices. Some of the aspects have also been covered in my talk at #TR19 .
As a follow-up of the very fruitful discussions between people from the car industry and medical device security folks in the IoT roundtable session from #TR19 I wanted to share my experiences and insights from the DMEA with you.
As promised in my previous post, I am back for an overview of the Troopers19 – Active Directory related talks… Videos have been published and it’s popcorn time… So if you are into stories about Kingdoms and Crown Jewels, grab your loved one [or a drink…] and turn the lights down low, ’cause tonight it’s “Troopers & Chill…”
When I got home last weekend after an awesome week at WEareTROOPERS, my 5yr old asked me what actually happened in Heidelberg…
I told him we were meeting with some people from all over the world to talk about computer security, and he asked me if it was “to stop the bad guys, like super-heroes?”. So I told him “yes, kind of…”, and he decided he would take his new Troopers T-Shirt to school on Monday to show his classmates. Kids are truly amazing… [<3 <3 <3]
But since you are not a kid anymore, I would like to take the opportunity of this blogpost to go into a bit more details and tell you what really happens at Troopers… I’ll skip on the technical for now (most probably will do another post once the recordings are made available), and in this post I would like to put the focus on the human side.
We have the most amazing trainers this year lined up for Blackhoodie at Troopers 2019. We have Thais, Silvia, Lisa and Ninon going to give workshops on various interesting topics! Below are some of the workshop contents:
Last week I had the pleasure to attend Offensivecon 2019 in Berlin. The conference was organized very well, and I liked the familial atmosphere which allowed to meet lots of different people. Thanks to the organizers, speakers and everyone else involved for this conference! Andreas posted a one tweet tldr of the first day; fuzzing is still the way to go to find bugs, and mitigations make exploitation harder. Here are some short summaries of the talks I enjoyed.
As some of you might recall we’ve introduced a dedicated “Active Directory Security Track” at last year’s Troopers. For Troopers19 we’ve expanded it to two days (as the SAP Security Track was discontinued), and in the following I’ll provide a list of talks in the track.
“If it’s a thing, then there’s an app for it!”…We trust mobile apps to process our bank transactions, handle our private data and set us up on romantic dates. However, few of us care to wonder,”How (in)secure can these apps be?” Well… at Troopers 19, you can learn how to answer this question yourself!
In our 2 day long “Hacking mobile applications” workshop, we teach how to find security vulnerabilities in mobile apps, exploit them and defend against them. We start from scratch, therefore no prior experience in hacking or developing mobile apps is required. Whether you want to learn how to pentest mobile apps, you are an app developer that fancies to secure his/her apps, or just curios, our workshop is a jumpstart to your goal.
Windows 10 is one of the most commonly deployed operating systems at this time. Knowledge about its components and internal working principles is highly beneficial. Among other things, such a knowledge enables:
in-depth studies of undocumented, or poorly documented, system functionalities;
development of performant and compatible software to monitor or extend the activities of the operating system itself; and
analysis of security-related issues, such as persistent malware.